This post originally appeared on the JadoPado Blog and has been re-produced here to preserve the JadoPado historical record.
We found out about the Heartbleed bug on the 8th of April at 1000 (GMT + 4) and pushed out a fix to all our affected environments by 1300, less than 12 hours after the bug was announced. We also updated our SSL certificates to ensure that even if our private keys were stolen, they can no longer be used.
To the best of our knowledge, no customer data has been compromised. As a reminder, credit card data is stored securely with our payment processor, CyberSource in their PCI Level 1 compliant data centre. JadoPado does not store any credit card data within its own infrastructure.
As an additional precaution, we recommend that you change your password by accessing your My Account area.